From e15a263529dd6077965e286802eeaa64e81dd5e8 Mon Sep 17 00:00:00 2001
From: Yara Tercero <yara.tercero@elastic.co>
Date: Thu, 2 Jul 2020 11:19:16 -0400
Subject: [PATCH] fix 400 error on initial signals search

---
 .../public/alerts/components/alerts_info/query.dsl.ts          | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/x-pack/plugins/security_solution/public/alerts/components/alerts_info/query.dsl.ts b/x-pack/plugins/security_solution/public/alerts/components/alerts_info/query.dsl.ts
index a3972fd35bf2d..4b57c7dc20d9f 100644
--- a/x-pack/plugins/security_solution/public/alerts/components/alerts_info/query.dsl.ts
+++ b/x-pack/plugins/security_solution/public/alerts/components/alerts_info/query.dsl.ts
@@ -10,6 +10,7 @@ export const buildLastAlertsQuery = (ruleId: string | undefined | null) => {
       bool: { should: [{ match: { 'signal.status': 'open' } }], minimum_should_match: 1 },
     },
   ];
+
   return {
     aggs: {
       lastSeen: { max: { field: '@timestamp' } },
@@ -30,7 +31,7 @@ export const buildLastAlertsQuery = (ruleId: string | undefined | null) => {
             : queryFilter,
       },
     },
-    size: 0,
+    size: 1,
     track_total_hits: true,
   };
 };